Privacy Policy

How we collect, use, and protect your information

Effective Date: January 1, 2025 Last Updated: January 1, 2025

1. Introduction

DMEAid, LLC ("DMEAid," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered DME order automation platform.

HIPAA Compliance: For healthcare providers and their patients, we maintain strict compliance with the Health Insurance Portability and Accountability Act (HIPAA). Protected Health Information (PHI) is handled according to our HIPAA policies and Business Associate Agreements.

2. Information We Collect

Information You Provide

  • Account registration information (name, email, organization)
  • Contact information for demo requests
  • Communications with our support team
  • Billing and payment information

Information Collected Automatically

  • Device and browser information
  • IP address and location data
  • Usage patterns and feature interactions
  • Log data and analytics

Protected Health Information (PHI)

When processing DME orders on behalf of healthcare providers, we may receive PHI including patient names, diagnoses, insurance information, and medical equipment needs. This information is handled strictly in accordance with HIPAA requirements and applicable Business Associate Agreements.

3. How We Use Your Information

  • To provide and maintain our DME automation services
  • To process and fulfill DME orders
  • To communicate with you about your account and our services
  • To improve and optimize our platform
  • To comply with legal obligations
  • To protect against fraud and unauthorized access

4. Data Security

We implement industry-standard security measures to protect your information:

  • AES-256 encryption for data at rest and in transit
  • SOC 2 Type II compliant infrastructure (Google Cloud Platform)
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Comprehensive audit logging with SHA-256 hash chains

5. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

  • Account data: Duration of account plus 30 days after deletion
  • PHI and medical records: Minimum 6 years per HIPAA requirements
  • Audit logs: Minimum 6 years
  • Marketing communications: Until you unsubscribe

6. Your Rights

Depending on your location, you may have the following rights:

  • Access your personal information
  • Correct inaccurate information
  • Delete your information (subject to legal requirements)
  • Object to or restrict processing
  • Data portability
  • Withdraw consent

For PHI-related requests, please contact your healthcare provider directly.

7. Third-Party Services

We work with trusted service providers who help us operate our platform. All third parties handling PHI have signed Business Associate Agreements. Our key infrastructure partners include Google Cloud Platform and other SOC 2 compliant providers.

8. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

DMEAid, LLC
Email: privacy@dmeaid.com
HIPAA Privacy Officer: hipaa@dmeaid.com

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date.